recent certificate errors: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate #43024
Labels
area-core-library
SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries.
library-io
Currently building a Flutter app with Dio and the default HttpClient. Recently multiple sites started choking with the following error:
HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))
These sites worked ok, without error, a few weeks ago. Perhaps an upgrade of Flutter or the SDK added more restrictions to valid certificates?
I have searched through the repo for similar reports as well as the general internet.
unable to get local issuer certificate
is often caused by the web server failing to send intermediate certs. I'm not sure if that's the case here.One site's cert is issued by
GeoTrust RSA CA 2018
which is authorized byDigiCert Global Root CA
Another site's cert is issued by
Go Daddy Secure Certificate Authority - G2
which is authorized byGo Daddy Root Certificate Authority -- G2
Both Chrome and Firefox claim the sites are secure, there is no complaint about missing certs, the browsers include the full chain. The sites use either TLS 1.2 or 1.3 so it's not an old version.
I do not have any proxy or firewall set (seen that as a remedy in other threads). Many other sites work fine, no Handshake error. It's possible to workaround by replacing the default HttpClient with one that allows bad certs (
client.badCertificateCallback = (cert,host,port) => true
) but this is not ideal.The text was updated successfully, but these errors were encountered: